Newsletter Fact or Fiction

False

All industries and organisations can and are targeted.

True

Multi-Factor Authentication is a commonly used and valuable security tool. You are given access to an account after providing two or more pieces of information; something you are, something you have or something you know. For example, a username, password and code sent to your device. Passwords should be complex and unique.

False

Cyber criminals can plant USB sticks with the intention of spreading malware. When plugged in they can compromise devices and potentially wider network systems.  You are advised to never use a USB stick you find or is second hand, and has not been fully wiped by a University team.

False 

Viruses exist for mobile phones and can infect and compromise. You should install an anti-virus app and keep it updated.

False

We all have personal data about ourselves and most likely family and friends which is of interest to criminals. Our laptop, phone or other device if compromised can be used as a route into the University network. Anyone can be a target

True

Social engineering is the manipulation of the natural human tendency to trust. Social engineers use deception to encourage individuals into divulging personal information and data which can then be used for fradulent purposes. An attack can start with a phishing email, a text, a phone call, even an arranged meeting in the street. Cyber criminals know about social engineering and are expert in its use.

True 

It's important to be aware of what you install and give permission to when accepting the terms and conditions for mobile apps.

True

Today it's difficult to name a household object that isn't available with a wi-fi option and app. As with your laptop and phone the security of these should be kept under regular review.

False

The USB stick could easily be setup to infect your computer, setting up a backdoor connection for further compromise. It's an attack vector that is used by cyber criminals when attempting to infiltrate an organisation.

False

Phishing attempts can range in format: initial contact can be a plain text email with no attachments or links, to lure the victim into a dialogue.

True

Our information security is dependent on the safety and good practice of all of our members. 

False

Password managers benefit every internet or account user, as we all tend to have a great number of complex passwords to remember, which should not be written down. We all hold personal info about ourselves and family that can be of great value to criminals. Your data is important and should be kept secure. Our University uses a password manager called LastPass 

True

The AIDS Trojan mailed out on a five and a quarter inch floppy disk is the first recorded case of Ransomware

False

The latest from Microsoft is a staggering 90% of compromises start with an email

True

The company Darktrace worked on an incident in 2018 where a casino was hacked via a thermometer in a lobby aquarium

True

More information on protecting against viruses can be found here

Use Anti-virus

True

We deliver an awareness session that explains what ransomware is, and how to protect against it. Find out when the next session will be and how to book, at MyEd.

True

More information about phishing and how to avoid can be found here

Learning to avoid phishing